The big takeaways from RSAC 2023


The biggest names and cybersecurity vendors gathered for their annual meet-and-greet, a massive keynote session aiming at IT/cybersecurity trends both new and old. Various topics took center stage and we’ve collected some critical takeaways from the conference, thanks in part to various sources like CRN.

The goal of the conference was to highlight growth, discuss coming trends, and explore what IT team leads can do today to better prepare their digital architecture for coming changes, dangers, and solutions. Cisco, Microsoft, CrowdStrike, and Palo Alto Networks executives gathered to talk about innovations in the cybersecurity realm.

AI in Cybersecurity

The CPO of Palo Alto, Lee Klarich, spoke in optimistic terms about the “transformative” power of AI-based solutions when built with powerful data. “AI is most powerful when driven by great data,” they said.

AI security models need training on data sets to reach desired outcomes, and therefore, they’re the likely next “big thing” in the IT realm. Automated and learning solutions have the potential to counter and mitigate threats, reduce redundancies, and allow the human element more room to focus. AI defensive models can address the shortcomings found in the industry, like budgetary limitations and a shortage of experts.

Jeetu Patel of Cisco also reinforced this idea. AI, he stated, is necessary to combat the sheer scale of modern cyber-attacks. Threat actors using bots, brute force, and automated tactics readily outpace the human ability to respond practically. Patel also believes that for AI cybersecurity solutions to become mainstream, they need three things: data, insights, and experience (specifically a positive one).

ChatGPT comes to mind as an example of a successful AI model. It draws from the right data and insights to deliver the desired outcome, and the experience is both positive and accessible. We have to think about how the average person will use AI services in the cybersecurity realm, and that’s something service models have to tackle soon. For now, ChatGPT has essentially become a mainstream service, reaching 100 million subscribed users within months of its creation. Technological tools are moving fast, and AI will take center stage in the discussion.

Can AI truly address and make up for a lack of cybersecurity experts? Well, that’s the pitch. Replacing, enhancing, and “augmenting” humans is a lot of tall talk, and it helps us remain optimistic about the future. Execution is something different.

Keeping it simple and dangerous

Other highlights of the security discussions involved hacker mentality regarding the assets at their disposal. Again, machine learning and AI will play a role, as a fundamental rule of cybersecurity is that if it benefits us, it benefits them. But that doesn’t mean the evolution of tools leads to their immediate use. Keeping things simple proves brutally effective. Think about phishing and social engineering campaigns, concepts as old as the internet that are still widely used today. That makes sense, considering the wide application of threat campaigns. If you can yield a big profit or steal critically important data with the cheapest tools, why wouldn’t you?

In the same vein, keeping defense simple and accessible is also a reasonable strategy. Cybersecurity complexity is daunting to non-IT staff and specialists. Approaching it from simple, incremental steps can reduce the seemingly herculean nature of cybersecurity response into something manageable by any staff member at any network level.

Attacks without malware

Malware-free attacks are a steadily growing attack type among third parties. They leave no trace evidence and rely on permissions exploitation to achieve data theft. CrowdStrike’s president Michael Sentonas briefly talked about malware-free attacks, stating “71 percent of the attacks — the incidents we investigated — did not use malware at all.”

We’ve talked at length about malware-free attacks and the dangers they represent, since they avoid automated solutions and traditional anti-virus techniques.

Taking an offense-based approach

In murkier waters is the declaration of offensive defense. In other words, taking the fight to hackers with retaliatory strikes. There is some merit to the sustained targeting of threat networks to destabilize and defuse malicious operations, but in practice, it’s not so simple. Third-party attacks originate from different parts of the world, and some are clandestine operations with government support.

Even if not, retaliation could have unforeseen political ramifications. For example, some attackers deploy malware campaigns through botnets or hijacked systems. How can one be sure the network they’re striking back against is the hacker network?

The CEO of Trellix, Bryan Palma, briefly touched on the concept of “hitting first.” The proposal is that, with our current industry (see: the United States cybersecurity infrastructure), federal networks should go to the digital trenches and destabilize thriving malicious networks, websites, and services. It raises questions about what is allowed and what should be allowed. If we grant those same permissions to SMBs and larger organizations, what are the consequences? Do they have political blowback?

While the concept of “hitting back” or throwing the first punch certainly feels good, the large-scale problems it can cause mean the phrasing is murky at best.

Concluding thoughts

As is usual with security panels, discussions about what is important to cybersecurity, IT, and tech-driven businesses centered on defense and the role AI can play. For the most part, discussions centered on big ideas, but the execution of said concepts is something else altogether.

To summarize: AI will have some role in cybersecurity, attackers prefer the simplest and cheapest way to attack their targets, and there’s emphasis on taking an offensive approach in cybersecurity.

For more information on cybersecurity, IT, or system support, you can contact Bytagig today.
